<?php
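session_start(); /* start and/or continue the session for users */
header("Cache-control: private"); // workaround for IE6 bug

/*
 * Logout: run the logout include, send the browser back to the login page,
 * and stop. $do is not assigned anywhere in this file; it has to be set
 * before this point.
 * NOTE(review): logout.inc is not visible here -- presumably it clears the
 * session data; confirm it also invalidates the session id / cookie.
 */
if ($do === "logout") {
        include ("./includes/logout.inc");
//        include('login.php');
        header('Location: login.php?do=logout');
        // A Location header does not end the request. Without this exit the
        // rest of this file, and any page that includes it, would keep
        // executing (and could still emit content) after the logout.
        exit;
}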

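// The authenticated identity is taken from the session only. $U_id is not
// initialised anywhere in this file, so a value that reached it some other way
// (for example request variables imported into global scope by an earlier
// include -- not visible here) must never count as a login.
$U_id = !empty($_SESSION['U_id']) ? $_SESSION['U_id'] : null;

// Login attempt: check the posted username/password and, on a match, store the
// user's id in the session. A failed attempt leaves $U_id empty; the redirect
// further down reports the failure.
if (!$U_id && $do === 'login' && !empty($_POST['username']) && is_string($_POST['username'])) {
        // Non-string input (e.g. password[]=x) is treated as an empty password
        // instead of being passed to trim().
        $encrypted_password = md5(
                strtolower(trim($_POST['username']))
                . strtolower(trim((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : ''))
        );
        // NOTE(review): the stored credential is MD5(lower(username) . lower(password)):
        // passwords are case-insensitive and the digest is cheap to brute-force if the
        // table leaks. Moving to password_hash()/password_verify() needs a data
        // migration outside this file, so the format is left unchanged here.
        // NOTE(review): the mysql_* extension was removed in PHP 7; prepared statements
        // (mysqli/PDO) need the connection that is opened outside this file.

        // The username is escaped; the hash is hex output of md5() and safe to inline.
        // '@' hides the warning mysql_result() raises when no row matched, so a miss
        // (or a failed query) simply yields a falsy $usrQuery.
        $usrQuery = @mysql_result(mysql_query("SELECT `id` FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' AND `password`='".$encrypted_password."' LIMIT 1"), 0);
        if ($usrQuery) {
           // Issue a fresh session id at the privilege change so an id that was
           // known before login (session fixation) is not carried into the
           // authenticated session.
           session_regenerate_id(true);
           $U_id = $usrQuery;
           $_SESSION['U_id'] = $U_id;
        }
        // Every attempt is recorded in `logout`, successful or not; a failure is
        // stored with an empty user. $nowstamp is set outside this file.
        mysql_query("INSERT INTO `logout` SET `login`='".mysql_real_escape_string($nowstamp)."',`user`='".mysql_real_escape_string($U_id)."'");
}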

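// is someone logged in?
if ($U_id) {
    // Load the account row for the current user id. SELECT * means $U_ also
    // carries the `password` column, so $U_ should not be dumped or echoed.
    $U_ = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id`='".mysql_real_escape_string($U_id)."' LIMIT 1 "));
    if (!$U_) {
        // Fail closed: the id in the session no longer maps to a users row
        // (account removed, or the query failed). Drop the stale id and send
        // the browser to the login page instead of continuing without rights.
        unset($_SESSION['U_id']);
        header('Location: login.php');
        exit;
    }
    if (!$cat) $cat = $U_['category'];  //give the user their default category if they don't already have one

    // The commented-out legacy username/password re-check that used to sit here
    // has been dropped: it was dead code and interpolated $_user / $_password
    // into SQL without escaping.

    if ($do === 'login') {
        // The admin integrity include (./admin/integrity.php, rights > 5) was
        // already disabled at this point and stays disabled.
        // NOTE(review): $row is only assigned in the removed legacy block; unless
        // another file sets it, this never fires -- confirm and delete.
        if (!empty($row[2])) $cat = $row[2];
    }
} else {
    if ($do !== 'login') {
        header('Location: login.php');
    } else {
        header('Location: login.php?login=fail');
    }
    // A Location header does not stop the script. Without this exit any page
    // that includes this file would go on to run, and could render, for a
    // visitor who is not logged in.
    exit;
}
// Only reached for an authenticated user with a loaded row. Array keys are
// quoted: the bare-word form relied on undefined-constant fallback.
$rights = $_SESSION['rights'] = $U_['rights'];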
        ?>
